3f15abfd89db46402e8e4841e4ebc8d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f15abfd89db46402e8e4841e4ebc8d7_JaffaCakes118
Size

243KB
MD5

3f15abfd89db46402e8e4841e4ebc8d7
SHA1

d0225e49436ec023f7988b795bd6c83adb47160d
SHA256

ed603ce39f45dff1467ce1e765756b18adaa9a34c724a9e894f91519b21b5f57
SHA512

c3a2a68b25ca73c10042c66327000f3b56b77f30e9f48efdbfc0d1be4e5f4e8e4b6f5520f333d24c5270131445294fb4b07c2b6b78e95d8b202fe0b9a584eacf
SSDEEP

6144:SAgNu/IVgBDS51WNPIdF/Xktd9fjKZS5pslh3T8HFpGuced3410C0RWJB:CyBm5FF05f4Ph2GRe+SCIGB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/geraldine.exe

Files

3f15abfd89db46402e8e4841e4ebc8d7_JaffaCakes118
.zip
geraldine.exe
.exe windows:5 windows x86 arch:x86

94bb55a63a2b4b02b295e8f295241884

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetBkColor
GetDCBrushColor
GetDCPenColor
GetClipRgn
GetMetaRgn
GetCurrentObject
GetDeviceCaps
GetGraphicsMode
GetMapMode
GetNearestColor
GetNearestPaletteIndex
GetObjectType
GetPixelFormat
GetPolyFillMode
GetRandomRgn
GetStretchBltMode
GetSystemPaletteUse
GetTextCharacterExtra
GetTextAlign
GetTextColor
GetTextCharsetInfo
GetFontLanguageInfo
SetPixel
SetTextCharacterExtra
SetTextColor

user32

LoadIconA
GetWindowLongA
GetCursor
GetMenuContextHelpId
GetWindowContextHelpId
SetWindowTextA
RemovePropA
GetPropA
GetScrollPos
EndPaint
BeginPaint
GetWindowDC
GetDC
WindowFromDC
GetForegroundWindow
DrawTextA
GetMenuCheckMarkDimensions
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
EnableWindow
IsWindowUnicode
GetQueueStatus
GetInputState
GetKeyboardType
SetFocus
GetDialogBaseUnits
CheckDlgButton
SetDlgItemTextA
GetDlgItemInt
GetDlgItem
EndDialog
MoveWindow
ShowWindow
CallWindowProcA
PostMessageA

kernel32

GetFullPathNameA
ReadConsoleW
ReadFile
SetEndOfFile
GetTimeZoneInformation
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
HeapSize
OutputDebugStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleFileNameA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
RtlUnwind
GetConsoleMode
GetConsoleCP
FlushFileBuffers
DeleteFileA
GetFileTime
GetFileType
SetFilePointer
WriteFile
IsDebuggerPresent
GetLastError
QueryPerformanceCounter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
IsProcessorFeaturePresent
GetVersion
GetTickCount
GetModuleHandleA
GetProcAddress
SizeofResource
GlobalAlloc
GlobalSize
GlobalFlags
GlobalHandle
LocalFlags
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FatalAppExitA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
GetStdHandle
GetModuleFileNameW
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
GetProcessHeap
CloseHandle
SetEnvironmentVariableA

Sections

.text
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94bb55a63a2b4b02b295e8f295241884

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 298KB - Virtual size: 298KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 20KB - Virtual size: 124KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 298KB - Virtual size: 298KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 20KB - Virtual size: 124KB

.reloc
Size: 32KB - Virtual size: 32KB